Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts. executing program executing program executing program syzkaller login: [ 50.836731][ T2963] [ 50.839098][ T2963] ===================================================== [ 50.846023][ T2963] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 50.853468][ T2963] 6.1.83-syzkaller #0 Not tainted [ 50.858472][ T2963] ----------------------------------------------------- [ 50.865382][ T2963] kworker/0:3/2963 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire: [ 50.873256][ T2963] ffff88801aa71820 (&htab->buckets[i].lock){+...}-{2:2}, at: sock_hash_delete_elem+0xac/0x2f0 [ 50.883533][ T2963] [ 50.883533][ T2963] and this task is already holding: [ 50.891229][ T2963] ffff8880b9828358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 50.900087][ T2963] which would create a new lock dependency: [ 50.905956][ T2963] (&base->lock){-.-.}-{2:2} -> (&htab->buckets[i].lock){+...}-{2:2} [ 50.914037][ T2963] [ 50.914037][ T2963] but this new dependency connects a HARDIRQ-irq-safe lock: [ 50.923471][ T2963] (&base->lock){-.-.}-{2:2} [ 50.923489][ T2963] [ 50.923489][ T2963] ... which became HARDIRQ-irq-safe at: [ 50.935745][ T2963] lock_acquire+0x1f8/0x5a0 [ 50.940324][ T2963] _raw_spin_lock_irqsave+0xd1/0x120 [ 50.945693][ T2963] lock_timer_base+0x120/0x260 [ 50.950536][ T2963] add_timer_on+0x1eb/0x580 [ 50.955109][ T2963] handle_irq_event+0xa9/0x1e0 [ 50.959966][ T2963] handle_level_irq+0x3ab/0x6c0 [ 50.964890][ T2963] __common_interrupt+0xd7/0x1f0 [ 50.969900][ T2963] common_interrupt+0x9f/0xc0 [ 50.974651][ T2963] asm_common_interrupt+0x22/0x40 [ 50.979747][ T2963] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 50.985547][ T2963] __setup_irq+0x12fa/0x1d80 [ 50.990211][ T2963] request_threaded_irq+0x2a7/0x380 [ 50.995482][ T2963] setup_default_timer_irq+0x1f/0x30 [ 51.000849][ T2963] x86_late_time_init+0x51/0x86 [ 51.005775][ T2963] start_kernel+0x414/0x53f [ 51.010355][ T2963] secondary_startup_64_no_verify+0xcf/0xdb [ 51.016320][ T2963] [ 51.016320][ T2963] to a HARDIRQ-irq-unsafe lock: [ 51.023316][ T2963] (&htab->buckets[i].lock){+...}-{2:2} [ 51.023335][ T2963] [ 51.023335][ T2963] ... which became HARDIRQ-irq-unsafe at: [ 51.036743][ T2963] ... [ 51.036751][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.043906][ T2963] _raw_spin_lock_bh+0x31/0x40 [ 51.048747][ T2963] sock_hash_free+0x160/0x820 [ 51.053499][ T2963] process_one_work+0x8a9/0x11d0 [ 51.058508][ T2963] worker_thread+0xa47/0x1200 [ 51.063255][ T2963] kthread+0x28d/0x320 [ 51.067403][ T2963] ret_from_fork+0x1f/0x30 [ 51.071893][ T2963] [ 51.071893][ T2963] other info that might help us debug this: [ 51.071893][ T2963] [ 51.082103][ T2963] Possible interrupt unsafe locking scenario: [ 51.082103][ T2963] [ 51.090404][ T2963] CPU0 CPU1 [ 51.095751][ T2963] ---- ---- [ 51.101101][ T2963] lock(&htab->buckets[i].lock); [ 51.106115][ T2963] local_irq_disable(); [ 51.112854][ T2963] lock(&base->lock); [ 51.119427][ T2963] lock(&htab->buckets[i].lock); [ 51.127132][ T2963] [ 51.130570][ T2963] lock(&base->lock); [ 51.134804][ T2963] [ 51.134804][ T2963] *** DEADLOCK *** [ 51.134804][ T2963] [ 51.142932][ T2963] 4 locks held by kworker/0:3/2963: [ 51.148116][ T2963] #0: ffff888012472138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 51.158570][ T2963] #1: ffffc9000c4ffd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a9/0x11d0 [ 51.169983][ T2963] #2: ffff8880b9828358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x120/0x260 [ 51.179302][ T2963] #3: ffffffff8d12a940 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run3+0x146/0x440 [ 51.188782][ T2963] [ 51.188782][ T2963] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 51.199261][ T2963] -> (&base->lock){-.-.}-{2:2} { [ 51.204204][ T2963] IN-HARDIRQ-W at: [ 51.208167][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.214341][ T2963] _raw_spin_lock_irqsave+0xd1/0x120 [ 51.221264][ T2963] lock_timer_base+0x120/0x260 [ 51.227670][ T2963] add_timer_on+0x1eb/0x580 [ 51.233809][ T2963] handle_irq_event+0xa9/0x1e0 [ 51.240209][ T2963] handle_level_irq+0x3ab/0x6c0 [ 51.246701][ T2963] __common_interrupt+0xd7/0x1f0 [ 51.253278][ T2963] common_interrupt+0x9f/0xc0 [ 51.259595][ T2963] asm_common_interrupt+0x22/0x40 [ 51.266257][ T2963] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 51.273615][ T2963] __setup_irq+0x12fa/0x1d80 [ 51.279844][ T2963] request_threaded_irq+0x2a7/0x380 [ 51.286709][ T2963] setup_default_timer_irq+0x1f/0x30 [ 51.293640][ T2963] x86_late_time_init+0x51/0x86 [ 51.300318][ T2963] start_kernel+0x414/0x53f [ 51.306473][ T2963] secondary_startup_64_no_verify+0xcf/0xdb [ 51.314034][ T2963] IN-SOFTIRQ-W at: [ 51.318014][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.324175][ T2963] _raw_spin_lock_irq+0xcf/0x110 [ 51.330755][ T2963] __run_timers+0x111/0x890 [ 51.336900][ T2963] run_timer_softirq+0x63/0xf0 [ 51.343300][ T2963] __do_softirq+0x2e9/0xa4c [ 51.349446][ T2963] __irq_exit_rcu+0x155/0x240 [ 51.355763][ T2963] irq_exit_rcu+0x5/0x20 [ 51.361648][ T2963] common_interrupt+0xa4/0xc0 [ 51.368138][ T2963] asm_common_interrupt+0x22/0x40 [ 51.374805][ T2963] console_emit_next_record+0xd67/0x1000 [ 51.382076][ T2963] console_unlock+0x278/0x7c0 [ 51.388395][ T2963] vprintk_emit+0x523/0x740 [ 51.394535][ T2963] _printk+0xd1/0x111 [ 51.400149][ T2963] spectre_v2_select_mitigation+0x4f7/0x748 [ 51.407678][ T2963] cpu_select_mitigations+0x3d/0x8f [ 51.414510][ T2963] arch_cpu_finalize_init+0xf/0x81 [ 51.421254][ T2963] start_kernel+0x423/0x53f [ 51.427396][ T2963] secondary_startup_64_no_verify+0xcf/0xdb [ 51.434979][ T2963] INITIAL USE at: [ 51.438895][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.444959][ T2963] _raw_spin_lock_irqsave+0xd1/0x120 [ 51.451801][ T2963] lock_timer_base+0x120/0x260 [ 51.458112][ T2963] add_timer_on+0x1eb/0x580 [ 51.464161][ T2963] handle_irq_event+0xa9/0x1e0 [ 51.470475][ T2963] handle_level_irq+0x3ab/0x6c0 [ 51.476875][ T2963] __common_interrupt+0xd7/0x1f0 [ 51.483374][ T2963] common_interrupt+0x9f/0xc0 [ 51.489692][ T2963] asm_common_interrupt+0x22/0x40 [ 51.496266][ T2963] _raw_spin_unlock_irqrestore+0xd4/0x130 [ 51.503627][ T2963] __setup_irq+0x12fa/0x1d80 [ 51.509766][ T2963] request_threaded_irq+0x2a7/0x380 [ 51.516511][ T2963] setup_default_timer_irq+0x1f/0x30 [ 51.523354][ T2963] x86_late_time_init+0x51/0x86 [ 51.529759][ T2963] start_kernel+0x414/0x53f [ 51.535809][ T2963] secondary_startup_64_no_verify+0xcf/0xdb [ 51.543364][ T2963] } [ 51.545847][ T2963] ... key at: [] init_timer_cpu.__key+0x0/0x20 [ 51.554083][ T2963] [ 51.554083][ T2963] the dependencies between the lock to be acquired [ 51.554091][ T2963] and HARDIRQ-irq-unsafe lock: [ 51.567586][ T2963] -> (&htab->buckets[i].lock){+...}-{2:2} { [ 51.573478][ T2963] HARDIRQ-ON-W at: [ 51.577457][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.583613][ T2963] _raw_spin_lock_bh+0x31/0x40 [ 51.590013][ T2963] sock_hash_free+0x160/0x820 [ 51.596338][ T2963] process_one_work+0x8a9/0x11d0 [ 51.602912][ T2963] worker_thread+0xa47/0x1200 [ 51.609224][ T2963] kthread+0x28d/0x320 [ 51.614932][ T2963] ret_from_fork+0x1f/0x30 [ 51.620987][ T2963] INITIAL USE at: [ 51.624865][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.630925][ T2963] _raw_spin_lock_bh+0x31/0x40 [ 51.637236][ T2963] sock_hash_free+0x160/0x820 [ 51.643466][ T2963] process_one_work+0x8a9/0x11d0 [ 51.649953][ T2963] worker_thread+0xa47/0x1200 [ 51.656177][ T2963] kthread+0x28d/0x320 [ 51.661797][ T2963] ret_from_fork+0x1f/0x30 [ 51.667764][ T2963] } [ 51.670252][ T2963] ... key at: [] sock_hash_alloc.__key+0x0/0x20 [ 51.678563][ T2963] ... acquired at: [ 51.682348][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.687018][ T2963] _raw_spin_lock_bh+0x31/0x40 [ 51.691942][ T2963] sock_hash_delete_elem+0xac/0x2f0 [ 51.697486][ T2963] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 51.703157][ T2963] bpf_trace_run3+0x231/0x440 [ 51.708010][ T2963] enqueue_timer+0x440/0x600 [ 51.712768][ T2963] __mod_timer+0x92b/0xee0 [ 51.717344][ T2963] schedule_timeout+0x1b4/0x300 [ 51.722354][ T2963] rcu_exp_sel_wait_wake+0x764/0x1d50 [ 51.727882][ T2963] process_one_work+0x8a9/0x11d0 [ 51.732983][ T2963] worker_thread+0xa47/0x1200 [ 51.737818][ T2963] kthread+0x28d/0x320 [ 51.742056][ T2963] ret_from_fork+0x1f/0x30 [ 51.746631][ T2963] [ 51.748939][ T2963] [ 51.748939][ T2963] stack backtrace: [ 51.754868][ T2963] CPU: 0 PID: 2963 Comm: kworker/0:3 Not tainted 6.1.83-syzkaller #0 [ 51.762919][ T2963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 51.772962][ T2963] Workqueue: rcu_gp wait_rcu_exp_gp [ 51.778157][ T2963] Call Trace: [ 51.781426][ T2963] [ 51.784344][ T2963] dump_stack_lvl+0x1e3/0x2cb [ 51.789014][ T2963] ? nf_tcp_handle_invalid+0x642/0x642 [ 51.794465][ T2963] ? panic+0x75d/0x75d [ 51.798529][ T2963] ? print_shortest_lock_dependencies+0xee/0x150 [ 51.804885][ T2963] validate_chain+0x4d16/0x5950 [ 51.809729][ T2963] ? lockdep_lock+0x2a0/0x2a0 [ 51.814405][ T2963] ? reacquire_held_locks+0x660/0x660 [ 51.819787][ T2963] ? reacquire_held_locks+0x660/0x660 [ 51.825499][ T2963] ? reacquire_held_locks+0x660/0x660 [ 51.831388][ T2963] ? register_lock_class+0x100/0x990 [ 51.836665][ T2963] ? validate_chain+0x112/0x5950 [ 51.841595][ T2963] ? is_dynamic_key+0x260/0x260 [ 51.846444][ T2963] ? mark_lock+0x9a/0x340 [ 51.850775][ T2963] __lock_acquire+0x125b/0x1f80 [ 51.855619][ T2963] lock_acquire+0x1f8/0x5a0 [ 51.860318][ T2963] ? sock_hash_delete_elem+0xac/0x2f0 [ 51.865789][ T2963] ? lockdep_softirqs_on+0x590/0x590 [ 51.871091][ T2963] ? read_lock_is_recursive+0x10/0x10 [ 51.876467][ T2963] ? sock_hash_delete_elem+0xac/0x2f0 [ 51.881834][ T2963] ? __bpf_trace_softirq+0x10/0x10 [ 51.886937][ T2963] ? read_lock_is_recursive+0x10/0x10 [ 51.892301][ T2963] ? sock_hash_delete_elem+0xac/0x2f0 [ 51.897772][ T2963] _raw_spin_lock_bh+0x31/0x40 [ 51.902716][ T2963] ? sock_hash_delete_elem+0xac/0x2f0 [ 51.908112][ T2963] sock_hash_delete_elem+0xac/0x2f0 [ 51.913318][ T2963] bpf_prog_2c29ac5cdc6b1842+0x3a/0x3e [ 51.918872][ T2963] bpf_trace_run3+0x231/0x440 [ 51.923553][ T2963] ? bpf_trace_run3+0x146/0x440 [ 51.928419][ T2963] ? bpf_trace_run2+0x410/0x410 [ 51.933260][ T2963] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 51.939142][ T2963] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 51.944587][ T2963] ? _raw_spin_lock+0x40/0x40 [ 51.949358][ T2963] enqueue_timer+0x440/0x600 [ 51.953943][ T2963] __mod_timer+0x92b/0xee0 [ 51.958349][ T2963] ? mod_timer_pending+0x20/0x20 [ 51.963649][ T2963] ? lockdep_softirqs_off+0x420/0x420 [ 51.969056][ T2963] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 51.974953][ T2963] ? _raw_spin_unlock+0x40/0x40 [ 51.979821][ T2963] schedule_timeout+0x1b4/0x300 [ 51.984774][ T2963] ? console_conditional_schedule+0x40/0x40 [ 51.990698][ T2963] ? update_process_times+0x1b0/0x1b0 [ 51.996082][ T2963] rcu_exp_sel_wait_wake+0x764/0x1d50 [ 52.005192][ T2963] ? read_lock_is_recursive+0x10/0x10 [ 52.010564][ T2963] ? rcu_check_gp_start_stall+0x450/0x450 [ 52.016271][ T2963] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 52.022151][ T2963] ? do_raw_spin_unlock+0x137/0x8a0 [ 52.027356][ T2963] ? process_one_work+0x7a9/0x11d0 [ 52.032454][ T2963] process_one_work+0x8a9/0x11d0 [ 52.037382][ T2963] ? worker_detach_from_pool+0x260/0x260 [ 52.043003][ T2963] ? _raw_spin_lock_irqsave+0x120/0x120 [ 52.048545][ T2963] ? kthread_data+0x4e/0xc0 [ 52.053036][ T2963] ? wq_worker_running+0x97/0x190 [ 52.058051][ T2963] worker_thread+0xa47/0x1200 [ 52.062714][ T2963] ? _raw_spin_unlock+0x40/0x40 [ 52.067639][ T2963] ? __sched_text_start+0x8/0x8 [ 52.072483][ T2963] ? _raw_spin_unlock+0x40/0x40 [ 52.077321][ T2963] kthread+0x28d/0x320 [ 52.081382][ T2963] ? worker_clr_flags+0x190/0x190 [ 52.086393][ T2963] ? kthread_blkcg+0xd0/0xd0 [ 52.090981][ T2963] ret_from_fork+0x1f/0x30 [ 52.095478][ T2963]